Implementing IPSec Network Security on Cisco IOS XR Software
How to Implement General IPSec Configurations for IPSec Networks
SC-106
Cisco IOS XR System Security Configuration Guide
Creating Crypto Access Lists
This task creates crypto access lists.
SUMMARY STEPS
1. configure
2. ipv4 access-list name
3. [sequence-number] permit protocol source source-wildcard destination destination-wildcard
[precedence precedence] [dscp dscp] [fragments] [packet-length operator packet-length value]
[log | log-input]
4. end
or
commit
Step 3
end
or
commit
Example:
RP/0/RP0/CPU0:router(config)# end
or
RP/0/RP0/CPU0:router(config)# commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
–
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
–
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
–
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Step 4
clear cypto ipsec sa {
sa-id
| all}
Example:
RP/0/RP0/CPU0:router# clear crypto ipsec sa 100
(Optional) Clears existing security associations, which
causes any existing SAs to expire immediately.
• Future SAs use the new lifetimes.
• Any existing SAs expire according to the previously
configured lifetimes.
Note Using the clear crypto ipsec sa command with the
all keyword clears the full SA database, which
clears active security sessions. You may also
specify the sa-id argument to clear an SA with a
specific ID. For more information, see the clear
crypto ipsec sa command.
Command or Action Purpose
To Next Page
Loading...
Need help?
General
